package SV_DATA_FILE;

import javax.servlet.http.*;

public class Vulnerable_01 {
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        BufferedReader br = new BufferedReader(new InputStreamReader(request.getInputStream()));
        String pLine = br.readLine();
        String filename = pLine.substring(pLine.lastIndexOf("\\"), pLine.lastIndexOf("\""));
        BufferedWriter bw = new BufferedWriter(new FileWriter(UPLOAD_DIRECTORY_STRING + filename, true));  // <- Defect detected here because of a new file been created with tainted name

        for (String line; (line=br.readLine())!=null; ) {
            if (line.indexOf(boundary) == -1) {
                bw.write(line);
                bw.newLine();
                bw.flush();
            }
        }
        bw.close();
    }
}
